Hello to all

i have set up two tincd as mentioned on this site:
http://mia.ece.uic.edu/~papers/volans/tincd.html

but all i get on the client side is:
[ root@mondhexe ]: # tail -f /var/log/tinc.log

Trying to connect to naturstrom (80.132.178.186 port 655)
Timeout from naturstrom (80.132.178.186 port 655) during authentication
Closing connection with naturstrom (80.132.178.186 port 655)
Trying to re-establish outgoing connection in 10 seconds
Purging unreachable nodes

on the server side:
[ root@sphinx ]: # tail -f /var/log/tinc.log

/dev/tun is a Linux tun/tap device (tun mode)
Executing script tinc-up
Creating metasocket failed: Die Adreßfamilie wird von der Protokollfamilie nicht unterstützt
Listening on 0.0.0.0 port 655
Ready
Read packet of 98 bytes from Linux tun/tap device (tun mode)
Cannot route packet: unknown IPv4 destination address 192.168.33.13
Writing packet of 126 bytes to Linux tun/tap device (tun mode)
Read packet of 98 bytes from Linux tun/tap device (tun mode)
Cannot route packet: unknown IPv4 destination address 192.168.33.13
_________________________________________________________

the conf files are as follows

server side

[ root@sphinx ]: # cat tinc.conf
Name = naturstrom
Device = /dev/tun
PrivateKeyFile = /etc/tinc/tinc/rsa_key.priv

[ root@sphinx ]: # cat tinc-up
#!/bin/sh
ifconfig $INTERFACE hw ether fe:fd:0:0:0:0
ifconfig $INTERFACE 192.168.0.5 netmask 255.255.255.0
ifconfig $INTERFACE -arp
#Add a route to the other network
route add -net 192.168.33.0 netmask 255.255.255.0 dev $INTERFACE

[ root@sphinx ]: # cat hosts/naturstrom
Address = naturstrom.mine.nu
Subnet = 192.168.0.0/24
-----BEGIN RSA PUBLIC KEY-----
......
-----END RSA PUBLIC KEY-----

the client side is the same as the server side except for the right network addr
and a connectto naturstrom

i've read the archives (as you can see, the link above is from ~march) but i
didn't get it working.

Any touch in the right direction is appreciated.

thanks in advance
michael
-- 
PC - Service Netzwerkdesign und Kunsthandwerk

Tinc: Discussion list about the tinc VPN daemon
Archive: http://mail.nl.linux.org/lists/
Tinc site: http://tinc.nl.linux.org/

On Thu, Nov 06, 2003 at 10:50:16PM +0100, Michael Brandstetter wrote:

> i have set up two tincd as mentioned on this site:
> http://mia.ece.uic.edu/~papers/volans/tincd.html

You should also read tinc's manual: http://tinc.nl.linux.org/documentation/tinc

> but all i get on the client side is:
> [ root@mondhexe ]: # tail -f /var/log/tinc.log
>
> Trying to connect to naturstrom (80.132.178.186 port 655)
> Timeout from naturstrom (80.132.178.186 port 655) during authentication
> Closing connection with naturstrom (80.132.178.186 port 655)

> on the server side:
> [ root@sphinx ]: # tail -f /var/log/tinc.log
>
> /dev/tun is a Linux tun/tap device (tun mode)
> Executing script tinc-up
> Creating metasocket failed: Die Adreßfamilie wird von der Protokollfamilie
> nicht unterstützt
> Listening on 0.0.0.0 port 655
> Ready
> Read packet of 98 bytes from Linux tun/tap device (tun mode)
> Cannot route packet: unknown IPv4 destination address 192.168.33.13
> Writing packet of 126 bytes to Linux tun/tap device (tun mode)
> Read packet of 98 bytes from Linux tun/tap device (tun mode)
> Cannot route packet: unknown IPv4 destination address 192.168.33.13

It tries to connect to naturstrom, but a connection is never made.
Naturstrom never even mentions receiving an incoming connection. Perhaps
there is a firewall blocking port 655? Or perhaps the domain name
naturstrom.mine.nu didn't point to the right IP address at that time?

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.eu.org>

Hello again

Rumor has it that Guus Sliepen babbled these words:

> On Thu, Nov 06, 2003 at 10:50:16PM +0100, Michael Brandstetter wrote:
>
>> i have set up two tincd as mentioned on this site:
>> http://mia.ece.uic.edu/~papers/volans/tincd.html
>
> You should also read tinc's manual:

Sorry for not having said that, but i've done it.

> Naturstrom never even mentions receiving an incoming connection. Perhaps
> there is a firewall blocking port 655? Or perhaps the domain name
> naturstrom.mine.nu didn't point to the right IP address at that time?

Thanks for the kick in the right direction. I applied some additional
rules to both firewalls and now it works.

Thanks for your great work. With this tool it is very easy and fast to
combine two private networks. GREAT.

greetz
michael :))

APPENDIX:

My new config files on Mondhexe. The files for Naturstrom are the same
except for the different IPs and network addresses.

/etc/tinc/tinc/tinc.conf
-------------------------------------------------------------------
# Sample tinc configuration file
Name = mondhexe
ConnectTo = naturstrom
AddressFamily = ipv4
Device = /dev/tun
PrivateKeyFile = /etc/tinc/tinc/rsa_key.priv
-------------------------------------------------------------------

/etc/tinc/tinc/tinc-up
-------------------------------------------------------------------
#!/bin/sh
ifconfig $INTERFACE 192.168.33.9 netmask 255.255.255.0
route add -net 192.168.0.0 netmask 255.255.255.0 dev $INTERFACE
-------------------------------------------------------------------

/etc/tinc/tinc/tinc-down
-------------------------------------------------------------------
#!/bin/sh
route del -net 192.168.0.0 netmask 255.255.255.0 dev $INTERFACE
ifconfig $INTERFACE down
-------------------------------------------------------------------

/etc/tinc/tinc/tinc/hosts/mondhexe
-------------------------------------------------------------------
Address = mondhexe.mine.nu
Subnet = 192.168.33.0/24
-----BEGIN RSA PUBLIC KEY-----
.....
-----END RSA PUBLIC KEY-----
-------------------------------------------------------------------

Additional firewall rules
-------------------------------------------------------------------
iptables -A INPUT -p tcp --dport 655 -j ACCEPT
iptables -A INPUT -p udp --dport 655 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 655 -j ACCEPT
iptables -A OUTPUT -p udp --dport 655 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth1 -s 192.168.0.0/24 -d 192.168.33.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -o tun0 -s 192.168.33.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -p udp -m udp --sport 655 -j MASQUERADE -o ppp0 --to-ports 655
--------------------------------------------------------------------

[ root@mondhexe ]: # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
217.5.98.44     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.33.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
0.0.0.0         217.5.98.44     0.0.0.0         UG    0      0        0 ppp0
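
Added example, not part of the original thread and not tinc's own code: the reasoning in Guus Sliepen's reply (client times out, server never mentions the connection, so suspect the path) written as a shell check over both daemons' logs. The sample logs are constructed from the excerpts quoted in the thread; the function name, the result labels and the rule that any server-side line naming the client counts as an arrived connection are assumptions of this example.

```shell
#!/bin/sh
# Added example: tell a blocked path apart from a failed tinc handshake by
# comparing the logs of both daemons. Sample logs are constructed from the
# excerpts quoted in this thread.

CLIENT_LOG='Trying to connect to naturstrom (80.132.178.186 port 655)
Timeout from naturstrom (80.132.178.186 port 655) during authentication
Closing connection with naturstrom (80.132.178.186 port 655)'

SERVER_LOG='Executing script tinc-up
Listening on 0.0.0.0 port 655
Ready
Cannot route packet: unknown IPv4 destination address 192.168.33.13'

# diagnose CLIENT_LOG SERVER_LOG CLIENT_NODE SERVER_NODE  (hypothetical helper)
diagnose() {
    client_log=$1; server_log=$2; client_node=$3; server_node=$4

    # The client must have attempted the outgoing connection at all.
    if ! printf '%s\n' "$client_log" | grep -q "^Trying to connect to $server_node "; then
        echo "no-attempt"; return 0
    fi
    # The server daemon must be listening, otherwise nothing can arrive.
    if ! printf '%s\n' "$server_log" | grep -q '^Listening on .* port [0-9][0-9]*$'; then
        echo "server-not-listening"; return 0
    fi
    # Assumption: any server-side line naming the client means the connection
    # arrived, so the failure lies in the handshake (names, keys), not the path.
    if printf '%s\n' "$server_log" | grep -q "$client_node"; then
        echo "handshake-failed"; return 0
    fi
    # Client timed out and the server never saw it: report the address and
    # port whose firewall rules and DNS record need checking.
    target=$(printf '%s\n' "$client_log" | sed -n \
        "s/^Timeout from $server_node (\([0-9.]*\) port \([0-9]*\)) during authentication\$/\1 \2/p" |
        head -n 1)
    if [ -n "$target" ]; then
        echo "blocked-path $target"; return 0
    fi
    echo "unknown"
}

diagnose "$CLIENT_LOG" "$SERVER_LOG" mondhexe naturstrom
```

On the constructed logs this reports `blocked-path` with the address and port from the client's timeout line, which is the case the follow-up message resolved by opening port 655 on both firewalls.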